* main: (23 commits)
web/admin: use <pre> for order field on bound elements (#7031)
blueprints: fix mismatched user-login stage order (#7030)
stages/email: rework email templates (#7029)
website/docs: add notice for nginx ingress configuration requirement (#7027)
translate: Updates for web/xliff/en.xlf in fr
web: locales: rename fr_FR to fr to match transifex
events: fix error when storing events with date/time/datetime/etc (#7028)
stages/invitation: fix mis-matched serializer class for invitation (#7018)
web: bump mermaid from 10.4.0 to 10.5.0 in /web (#7026)
web: bump core-js from 3.32.2 to 3.33.0 in /web (#7020)
core: bump webauthn from 1.10.1 to 1.11.0 (#7021)
core: bump pylint from 2.17.6 to 2.17.7 (#7022)
core: bump django-redis from 5.3.0 to 5.4.0 (#7023)
core: bump packaging from 23.1 to 23.2 (#7024)
web/admin: invitation stage: default "continue without invitation" to false
core: bump pydantic from 2.4.1 to 2.4.2 (#7014)
website: bump postcss from 8.4.30 to 8.4.31 in /website (#7015)
internal: fix redis session store (#7011)
web: bump rollup from 3.29.3 to 3.29.4 in /web (#7009)
core: bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 (#7007)
...
This commit refactors the various components of the Wizard and ApplicationWizard, creating a much
more maintainable and satisfying Wizard experience for both developers (i.e, *me* and *Jens* so
far), and for the customer.
The Wizard base has been refactored into three components:
**AkWizardController**
The `AkWizardController` provides the event listenters for the wizard; it hooks them up, recevies the
events, and forwards them to the wizard. It unwraps the event objects and forwards the relevant
messages contained in the events. It knows of three event categories:
- Navigation requests (move to a different step)
- Update requests (the current step has updated the business content)
- Close requests (close or cancel the wizard).
**ak-wizard-frame**
The `ak-wizard-frame` is the ModalButton interface. It provides the Header, Breadcrumbs (nee`
"navigation block"), Buttons, and a DIV into which the main content is rendered.
**AkWizard**
`AkWizard` is an *incomplete* implementation of the wizard. It's meant to be inherited by a child
class, which will implement the rest. It extends `AKElement`. It provides the basic content needed,
such as steps, currentStep (as an index), an accessor for the step itself, an accessor for the
frame, and the interface to the `AkWizardController`.
**ApplicationWizard**
The `ApplicationWizard` itself has been refactored to accommodate these changes. It inherits from
`AkWizard` and provides the business logic for what to do when a form updates, some custom logic for
preventing moving through the wizard when the forms are incomplete, and a persistence layer for
filling out different providers in the same session. It's simplified a *lot*.
The types specified for `AkWizard` are pretty nifty, I think. I could wish the types being passed
via the custom events were more robust, but [strongly typed custom
events](https://github.com/lit/lit-element/issues/808) turn out to be quite the pain in the, er,
neck. As it is, the `precommit` pass did very good at preventing the worst disasters.
The steps themselves were re-written as objects so that they could take advantage of their `valid`
and `disabled` states and provide more meaningful buttons and labels. I think it's a solid
compromise, and it moved a lot of display logic out of the core `handleUpdate()` business method.
The tests, such as they are, are passing.
* main: (41 commits)
root: fix missing /lifecycle in path
website/blog: add info-block to blog about m2m (#7002)
root: handle SIGHUP and SIGUSR2, healthcheck gunicorn (#6630)
flows: stage_invalid() makes flow restart depending on invalid_response_action setting (#6780)
core: bump psycopg from 3.1.11 to 3.1.12 (#6997)
core: bump pydantic from 2.4.0 to 2.4.1 (#6998)
web: bump the sentry group in /web with 2 updates (#6999)
web: bump pyright from 1.1.328 to 1.1.329 in /web (#7000)
website/blog: improved sentence (#6995)
website/blog: fix missing link in m2m post (#6994)
web/user: fix incorrect link to admin interface (#6993)
root: disable APPEND_SLASH (#6928)
root: replace boj/redistore with vendored version of rbcervilla/redisstore (#6988)
sources/ldap: add default property mapping to mirror directory structure (#6990)
website/blogs: Blog about m2m (#6974)
root: make Celery worker concurrency configurable (#6837)
root: make postgres connection in makefile customizable (#6977)
core: prevent self-impersonation (#6885)
web: bump @typescript-eslint/parser from 6.7.2 to 6.7.3 in /web (#6984)
core: bump pydantic from 2.3.0 to 2.4.0 (#6979)
...
This commit continues the application wizard buildout. In this commit are the following changes:
- Fixed a width-setting bug in the Makefile `make help` feature (i.e "automate that stuff!")
- Added Radius to the list of providers we can offer via the wizard
- Added `launchUrl` and `UI Settings` to features of the application page the wizard can find
- Changed 'SAML Manual Configuration' to just say "SAML Configuration"
- Modified `ak-form-group` to take and honor the `aria-label` property (which in turn makes it
easier to target specific forms with unit testing)
- Reduced the log level for wdio to 'warn'; 'info' was super-spammy and not helpful. It can be put
back with `--logLevel info` from the command line.
- Added SCIM to the list of available providers
- Fixed ForwardProxy so that its mode is set correctly. (This is a special case in the committer;
I'm unhappy with that.)
- Fixed the commit messages so that:
- icons are set correctly (Success, Danger, Working)
- icons are colored correctly according to state
- commit message includes a `data-commit-state` field so tests can find it!
- Merged the application wizard tests into a single test pass
- Isolated common parts of the application wizard tests to reduce unnecessary repetition. All
application tests are the same until you reach the provider section anyway.
- Fixed the unit tests so they're finding the right error messages and are enabled to display them
correctly.
- Moved the test Form handlers into their own folder so they're not cluttering up the Pages folder.
* main: (21 commits)
website/integrations: fix typo
web: improve testability (#6952)
core: bump cryptography from 41.0.3 to 41.0.4 (#6951)
root: don't exclude enterprise from container image (#6956)
core: bump twilio from 8.8.0 to 8.9.0 (#6953)
root: Add setting to adjust database config for pgpool (#6949)
website: bump the docusaurus group in /website with 3 updates (#6943)
web: bump the sentry group in /web with 2 updates (#6944)
web: bump the eslint group in /web with 1 update (#6946)
web: bump the storybook group in /web with 6 updates (#6945)
web: bump @types/grecaptcha from 3.0.4 to 3.0.5 in /web (#6947)
core: bump urllib3 from 2.0.4 to 2.0.5 (#6948)
core: bump node from 20.5 to 20.6 (#6784)
web: bump pyright from 1.1.327 to 1.1.328 in /web (#6940)
web: bump the storybook group in /web with 1 update (#6939)
web: bump the eslint group in /web with 1 update (#6933)
website: bump postcss from 8.4.29 to 8.4.30 in /website (#6932)
web: bump @typescript-eslint/parser from 6.7.0 to 6.7.2 in /web (#6934)
web: bump turnstile-types from 1.1.2 to 1.1.3 in /web (#6935)
website/docs: add info about our docs (#6936)
...
web/improve testability
This is a trio of small hacks that allow the E2E tests to find several components
on the page while the test is running:
- Add a `data-managed-for` field to SearchSelect's positioned elements. If a search
has a `name` field, it will be reflected here, allowing tests to find specific
instances of the dropdown elements.
- Add a forwarder to the search select wrappers we use for our SearchSelect.
- Added aria details to the UserLibrary header to make it easy to identify.
This commit replaces the previous WDIO instance with a more formal and straightforward process using
the [pageobjects](https://martinfowler.com/bliki/PageObject.html). In this form, every major
component has its own test suite, and a test is a sequence of exercises of those components.
A test then becomes something as straightforward as:
```
await LoginPage.open();
await LoginPage.login("ken@goauthentik.io", "eat10bugs");
expect(await UserLibraryPage.pageHeader).toHaveText("My Applications");
await UserLibraryPage.goToAdmin();
expect(await AdminOverviewPage.pageHeader).toHaveText("Welcome, ");
await AdminOverviewPage.openApplicationsListPage();
expect(await ApplicationsListPage.pageHeader).toHaveText("Applications");
ApplicationsListPage.startCreateApplicationWizard();
await ApplicationWizard.app.name.setValue(`Test application ${newId}`);
await ApplicationWizard.nextButton.click();
await (await ApplicationWizard.getProviderType("ldapprovider")).click();
await ApplicationWizard.nextButton.click();
await ApplicationWizard.ldap.setBindFlow("default-authentication-flow");
await ApplicationWizard.nextButton.click();
await expect(await ApplicationWizard.commitMessage).toHaveText(
"Your application has been saved"
);
```
Whether or not there's another layer of DSL in there or not, this is a pretty nice idiom for
maintaining tests.
* main: (184 commits)
web/admin: user details few tooltip buttons (#6899)
website/blogs: added emm dashes (#6927)
core: bump goauthentik.io/api/v3 from 3.2023083.2 to 3.2023083.3 (#6925)
core: bump ruff from 0.0.289 to 0.0.290 (#6923)
web: bump the babel group in /web with 2 updates (#6919)
web: bump the storybook group in /web with 5 updates (#6920)
web: bump rollup from 3.29.1 to 3.29.2 in /web (#6921)
core: bump pycryptodome from 3.18.0 to 3.19.0 (#6922)
core: bump django-filter from 23.2 to 23.3 (#6924)
core: bump github.com/go-ldap/ldap/v3 from 3.4.5 to 3.4.6 (#6926)
web: bump API Client version (#6918)
core: create app transactional api (#6446)
sources/ldap: add warning when a property mapping returns None or bytes (#6913)
website: replace login card with png (#6911)
core: compile backend translations (#6912)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh-Hans on branch main (#6910)
translate: Updates for file locale/en/LC_MESSAGES/django.po in zh_CN on branch main (#6907)
translate: Updates for file web/xliff/en.xlf in zh_CN on branch main (#6908)
translate: Updates for file web/xliff/en.xlf in zh-Hans on branch main (#6909)
web/admin: fix webauthn label order, add raw value (#6905)
...
* Web: Detangling some circular dependencies in Admin and User
Admin, User, and Flow should not dependend upon each other, at least
not in a circular way. If Admin and User depend on Flow, that's
fine, but Flow should not correspondingly depend upon elements of
either; if they have something in common, let's put them in
`@goauthentik/common` or find some other smart place to store them.
This commit refactors the intentToLabel and actionToLabel functions
into `@goauthentik/common/labels` and converts them to static tables
for maintenance purposes.
* web: "Consistency is the hobgoblin of small minds" - Ralph Waldo Emerson
* web: I found these confusing to look at, so I added comments.
* web: remove admin-to-user component reference(s)
There was only one: AppIcon. This has been moved to `components`.
Touching the LibraryApplications page triggered a cyclomatic
complexity check. Extracting the expansion block and streamlining
the class and style declarations with lit directives helped.
* web: remove admin from elements
This commit removes the two references from `elements` to `admin`: the list of UserEvents and a
reference to the FlowSearch type, used by the Forms manager to decide how to extract a value.
For FlowSearch, a different convention for detecting the type was implemented (instances of the
object have a unique fieldname for the value holder). UserEvents and ObjectChangelog have been
moved to `components` as they're clearly dependent upon the API.
This defers work on removing Admin from Components, as that is (again) references going the
wrong way, but that can happen later.
* web: remove admin-to-user component reference(s) (#6856)
There was only one: AppIcon. This has been moved to `components`.
Touching the LibraryApplications page triggered a cyclomatic
complexity check. Extracting the expansion block and streamlining
the class and style declarations with lit directives helped.
* This was supposed to be merged.
* web: remove `./element`⇢`./user` references
The offender here is UserDevicesList, which despite being in `elements` is only
used by the admin/user/UserViewPage. The problem is that UserDevicesList,
despite being in `admin`, inherits from `user`, so moving it would have created
a new admin⇢user reference, and the whole point of this exercise is to get rid
of references that point "up" from the foundational pieces to the views, or
that refer to components in sibling applications.
After examining UserDevicesList, I realized that *every feature* of MFADevicesList
had been overridden: the rows, the columns, the toolbar, and the endpoint all had
custom overrides. Nothing was left of MFADevicesList after that. Even the
property that the web component used had been completely changed. The only thing
they had in common was that they both inherited from `Table<Device>`.
Refactoring UserDevicesList so that it inherited directly from `Table<Device>` and
then moving it into `./admin/users` was the obvious and correct step.
Both used the same label table, so that went into the `common/labels` folder.
Along the way, I cleaned up a few minor details. Just little things, like the repeated invocation
of:
```
new AuthenticatorsApi(DEFAULT_CONFIG).authenticatorAdminMETHODDestroy({ id: device.pk });
```
This is repeated five times, once for each Method. By creating these:
```
const api = new AuthenticatorsApi(DEFAULT_CONFIG);
const id = { id: device.pk };
```
The method invocation could be just `api.authenticatorsMETHODDestroy(id)`, which is easier on the
eyes. See the MFADevicesPage for the full example.
Similarly,
```
return [
new TableColumn(msg("Name"), ""),
new TableColumn(msg("Type"), ""),
new TableColumn("")
];
```
is more straightforward as:
```
const headers = [msg("Name"), msg("Type"), ""];
return headers.map((th) => new TableColumn(th, ""));
```
We've labeled what we're working with, and web developers ought to know that `th` is the HTML code
for `table header`.
I've had to alter what files are scanned in pre-commit mode; it doesn't handle renamed files very well,
and at the moment a file that is renamed is not scanned, as its "new" name is not straightforwardly
displayed, not even by `git porcelain`.
* web: make the table of column headers look like a table
* web: detangle `common` from `elements`.
And just like that, `common` no longer has a reference to `elements`. I don't mind this little bit of
code duplication if it removes a cycle. What it does point out is that there are bits of `common` that
are predicated on the presence of the browser, and that there are bits of `elements` that, if they rely
on `common`, can't be disentangled from the application as a whole. Which seems to me that we have two
different things going on in common: things about an application, and things about elements that are
independent of the application.
I'll think about those later.
```
$ rg 'import.*@goauthentik' ./common/ | perl -ne 'm{"(@goauthentik[^"]*)"} && print "$1\n"' | sort | cut -d '/' -f1-2 | uniq | sort
@goauthentik/api
@goauthentik/common
$
```
* web: odd bug; merge-related? Gonna investigate.
* web: build failure thanks to local cache; fixed
* web: detangle `components` from `admin`.
This was the last inappropriate reference: something from `./components` referencing something in
`./admin`, in this case the `ak-event-info` component. Used by both Users and Admin, moving it
into `./components` was the obvious correct step.
`ak-event-info` is a lookup table relating specific events in the event log to rich, textual
representations; in the special case of model changes and email info, even more rich content is
available in a dl/dt format. I've tableized the model changes and email info renderer, and I've
extracted every event's textual representation into its own method, converting the `switch/case`
rendering statement into a `switch/case` dispatch switch. This has the virtue of isolating each
unique case and making the dispatch switch short and coherent.
The conversion was done mechanistically; I gave the refactorer (Tide, in this case) instructions to
duplicate the switch block and then convert every case into a method with a name patterned on the
`case`. Going back to the original switch block, it was easy to duplicate the pattern matching and
convert it into a dispatch switch.
And with this, there are zero cycles in the references between the different "packageable" sections
of the UI. The only thing left to do is figure out how to redistribute `./elements` and `./components`
in a way that makes sense for each.
* Changed function name from 'emailMessageBody' to 'githubIssueMessageBody' to better reflect its usage.
* web: added comments about length and purpose of githubIssueMessageBody.
* Update web/src/common/labels.ts
Co-authored-by: Jens L. <jens@goauthentik.io>
Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
* Unwanted change.
* web/add tooltip buttons to user details page
This commit wraps the command buttons on the UserDetailsPage with tooltips providing greater copy
explaining what each button does. It also ensures that every button is a minimum of 11ems in width
(The longest phrase, 'Reset Password', results in a width of 10.75ems; this makes them all
consistent.)
The technique for giving the `ak-action-button` objects a mininum width uses the CSS `::part()`
syntax, which is new. CanIUse shows that it's at 95.3% of global usage; our weak points remain Opera
Mini and UC Browser for Android.
Oh, and IE. But the various Powers That Be™ agree we're no longer tracking or caring about IE.
* I added some text, so it's my responibility to add the language files.
* fix text
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* rework
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
* web: enforce a max-width on the container for the buttons so that they don't look funky on ultrawide monitors.
* wbe: re-ran and confirmed prettier.
---------
Signed-off-by: Ken Sternberg <133134217+kensternberg-authentik@users.noreply.github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>